Example 26 with SessionStore

Use of org.pac4j.core.context.session.SessionStore in project pac4j by pac4j.

Class DefaultCsrfTokenGeneratorTests, method test.

@Test
public void test() {
    // `generator` is declared outside this method (not shown in this excerpt).
    final WebContext context = MockWebContext.create();
    final SessionStore sessionStore = new MockSessionStore();
    final var token = generator.get(context, sessionStore);
    assertNotNull(token);
    // The returned token must also be stored in the session under CSRF_TOKEN.
    final var token2 = (String) sessionStore.get(context, Pac4jConstants.CSRF_TOKEN).orElse(null);
    assertEquals(token, token2);
    // The stored expiration date must equal now + TTL, within a one-second tolerance.
    final long expirationDate = (Long) sessionStore.get(context, Pac4jConstants.CSRF_TOKEN_EXPIRATION_DATE).orElse(null);
    final var nowPlusTtl = new Date().getTime() + 1000 * generator.getTtlInSeconds();
    assertTrue(expirationDate > nowPlusTtl - 1000);
    assertTrue(expirationDate < nowPlusTtl + 1000);
    // A second call must keep the first token in the session as PREVIOUS_CSRF_TOKEN.
    generator.get(context, sessionStore);
    final var token3 = (String) sessionStore.get(context, Pac4jConstants.PREVIOUS_CSRF_TOKEN).orElse(null);
    assertEquals(token, token3);
}
Also used: MockSessionStore (org.pac4j.core.context.session.MockSessionStore), SessionStore (org.pac4j.core.context.session.SessionStore), WebContext (org.pac4j.core.context.WebContext), MockWebContext (org.pac4j.core.context.MockWebContext), Date (java.util.Date), Test (org.junit.Test)

Example 27 with SessionStore

Use of org.pac4j.core.context.session.SessionStore in project pac4j by pac4j.

Class DefaultAuthorizationCheckerTests, method testCsrfCheckPost.

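@Test
public void testCsrfCheckPost() {
    // `checker` and `profiles` are declared outside this method (not shown in this excerpt).
    final var context = MockWebContext.create().setRequestMethod(HttpConstants.HTTP_METHOD.POST.name());
    final var generator = new DefaultCsrfTokenGenerator();
    final SessionStore sessionStore = new MockSessionStore();
    // A token is generated into the session, but the POST request itself carries no token.
    generator.get(context, sessionStore);
    // The CSRF_CHECK authorizer must therefore refuse the request.
    assertFalse(checker.isAuthorized(context, sessionStore, profiles, DefaultAuthorizers.CSRF_CHECK, new HashMap<>(), new ArrayList<>()));
}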
Also used: MockSessionStore (org.pac4j.core.context.session.MockSessionStore), SessionStore (org.pac4j.core.context.session.SessionStore), DefaultCsrfTokenGenerator (org.pac4j.core.matching.matcher.csrf.DefaultCsrfTokenGenerator), Test (org.junit.Test)

Example 28 with SessionStore

Use of org.pac4j.core.context.session.SessionStore in project pac4j by pac4j.

Class CsrfAuthorizerTests, method testParameterNoExpirationDate.

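@Test
public void testParameterNoExpirationDate() {
    // `authorizer` and VALUE are declared outside this method (not shown in this excerpt).
    final WebContext context = MockWebContext.create().addRequestParameter(Pac4jConstants.CSRF_TOKEN, VALUE);
    final SessionStore sessionStore = new MockSessionStore();
    // The request parameter matches the session token, but no CSRF_TOKEN_EXPIRATION_DATE is stored.
    sessionStore.set(context, Pac4jConstants.CSRF_TOKEN, VALUE);
    // Without an expiration date in the session, the authorizer must refuse the request.
    Assert.assertFalse(authorizer.isAuthorized(context, sessionStore, null));
}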
Also used: MockSessionStore (org.pac4j.core.context.session.MockSessionStore), SessionStore (org.pac4j.core.context.session.SessionStore), WebContext (org.pac4j.core.context.WebContext), MockWebContext (org.pac4j.core.context.MockWebContext), Test (org.junit.Test)

Example 29 with SessionStore

Use of org.pac4j.core.context.session.SessionStore in project pac4j by pac4j.

Class CsrfAuthorizerTests, method testParameterOk.

@Test
public void testParameterOk() {
    // `authorizer`, VALUE and `expirationDate` are declared outside this method (not shown in this excerpt).
    final WebContext context = MockWebContext.create().addRequestParameter(Pac4jConstants.CSRF_TOKEN, VALUE);
    final SessionStore sessionStore = new MockSessionStore();
    // The session holds both the matching token and its expiration date.
    sessionStore.set(context, Pac4jConstants.CSRF_TOKEN, VALUE);
    sessionStore.set(context, Pac4jConstants.CSRF_TOKEN_EXPIRATION_DATE, expirationDate);
    Assert.assertTrue(authorizer.isAuthorized(context, sessionStore, null));
}
Also used: MockSessionStore (org.pac4j.core.context.session.MockSessionStore), SessionStore (org.pac4j.core.context.session.SessionStore), WebContext (org.pac4j.core.context.WebContext), MockWebContext (org.pac4j.core.context.MockWebContext), Test (org.junit.Test)

Example 30 with SessionStore

Use of org.pac4j.core.context.session.SessionStore in project pac4j by pac4j.

Class CsrfAuthorizerTests, method testParameterOkNewName.

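@Test
public void testParameterOkNewName() {
    // `authorizer`, NAME, VALUE and `expirationDate` are declared outside this method (not shown in this excerpt).
    // The token is sent under the custom request parameter NAME instead of CSRF_TOKEN.
    final WebContext context = MockWebContext.create().addRequestParameter(NAME, VALUE);
    final SessionStore sessionStore = new MockSessionStore();
    sessionStore.set(context, Pac4jConstants.CSRF_TOKEN, VALUE);
    sessionStore.set(context, Pac4jConstants.CSRF_TOKEN_EXPIRATION_DATE, expirationDate);
    // The authorizer is told to read the token from NAME, so the request is accepted.
    authorizer.setParameterName(NAME);
    Assert.assertTrue(authorizer.isAuthorized(context, sessionStore, null));
}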
Also used: MockSessionStore (org.pac4j.core.context.session.MockSessionStore), SessionStore (org.pac4j.core.context.session.SessionStore), WebContext (org.pac4j.core.context.WebContext), MockWebContext (org.pac4j.core.context.MockWebContext), Test (org.junit.Test)

Aggregations

SessionStore (org.pac4j.core.context.session.SessionStore): 32
MockSessionStore (org.pac4j.core.context.session.MockSessionStore): 22
Test (org.junit.Test): 20
WebContext (org.pac4j.core.context.WebContext): 18
MockWebContext (org.pac4j.core.context.MockWebContext): 13
FoundAction (org.pac4j.core.exception.http.FoundAction): 6
CommonProfile (org.pac4j.core.profile.CommonProfile): 5
Slf4j (lombok.extern.slf4j.Slf4j): 3
lombok.val (lombok.val): 3
Client (org.pac4j.core.client.Client): 3
Date (java.util.Date): 2
Optional (java.util.Optional): 2
SneakyThrows (lombok.SneakyThrows): 2
ServicesManager (org.apereo.cas.services.ServicesManager): 2
Unchecked (org.jooq.lambda.Unchecked): 2
HttpAction (org.pac4j.core.exception.http.HttpAction): 2
Algorithm (com.nimbusds.jose.Algorithm): 1
JWSAlgorithm (com.nimbusds.jose.JWSAlgorithm): 1
ByteArrayInputStream (java.io.ByteArrayInputStream): 1
MalformedURLException (java.net.MalformedURLException): 1